Alpha Bullion is unable to fulfill orders from unverified accounts. To redeem PAX Gold tokens for physical gold products, please follow our verification process here.

  1. Blog

New Malware Targeting Over 40 Crypto Wallets Discovered in Hacking Attack

New Malware Targeting Over 40 Crypto Wallets Discovered in Hacking Attack

A new malware dubbed “Mars Stealer” was recently used in several hacking incidents leading to the theft of millions of dollars in cryptocurrency from digital wallets. Mars Stealer is an upgrade to the Oski trojan which was widely used in malware attacks in 2019. The new malware targets over 40 browser-based digital wallet extensions like Coinbase Wallet, Metamask, and Binance Chain Wallet. Additionally, the malware has capabilities of targeting two-factor authentication (2FA) extensions with a grabber feature that takes the user’s private keys.

Security experts noted that digital wallets like Ronin Wallet, Nifty Wallet, MetaMask, Coinbase Wallet, Binance Chain Wallet, MEW CX, and TronLink are the main target for hackers using the malware. The malware targets Chromium-based browsers, which affects the most popularly used browser like Google Chrome, Brave, and Microsoft Edge. On the other hand, Opera and Firefox are less vulnerable but can still be affected by credential-hacking.

The following applications are under threat:  

  • Internet Explorer
  • Kometa
  • Torch
  • Comodo Dragon
  • Elements Browser
  • CyberFox
  • Authenticator
  • Authy
  • Trezor Password Manager
  • TronLink
  • Yoroi
  • iWallet
  • Neoline
  • ICONex
  • OneKey
  • ZilPay
  • Bitcoin Core
  • Binance
  • MultiDoge

Hackers spread the Mars Stealer through several different torrent clients, file-hosting websites, and other downloading systems. Once the system is infected, Mars Stealer searches for files with sensitive data like digital wallet addresses and private key info. Lastly, the malware deletes its presence and activities from the system once the hack is complete. 

Mars Stealer accesses the following information:

  • IP and country
  • Working path to EXE file
  • Local time and time zone
  • Language system
  • Language keyboard layout
  • Notebook or desktop
  • Processor model
  • Computer name
  • User name
  • Domain computer name
  • Machine ID
  • GUID
  • Installed software and their versions

Mars Stealer is selling on the dark web for $140 for the basic application and $160 for the extended version. Given its low price, it is expected to attract many users to access the malware program. The high number of Mars Stealer hackers will likely increase the number of attacks on unsuspecting cryptocurrency owners who own assets on the targeted wallets. Given these points, cryptocurrency holders should exercise extreme caution when clicking on suspicious links as a way to prevent infection from Mars Stealer.


Alpha Bullion is an innovative service for redeeming PAX Gold tokens for real, physical gold. Each token acts as proof of ownership for 1 oz of gold stored at no additional cost in bar form in some of the most secure vaults in London. This provides all the stability benefits offered by precious metals without the burden of storage or shipping. It also allows for a market first feature, as the potential for cryptocurrency loans using PAX Gold would allow customers to essentially earn dividends on precious metals. This unique bridge between the ancient and the innovative has already drawn attention from press such as Coindesk and Jim Cramer of Mad Money. Learn more by following select external articles on our blog, and stay tuned for more original content from Alpha Bullion.